Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/l-taV26zQ7WeFxi5U2wEDJxQkyQ.roa
File:                     l-taV26zQ7WeFxi5U2wEDJxQkyQ.roa (raw, json)
Hash identifier:          7NgCRlAWBxyzQ19N/UKMAgzRr/Nec4zr9xbSFVxPVyI=
Subject key identifier:   97:EB:5A:57:6E:B3:43:B5:9E:17:18:B9:53:6C:04:0C:9C:50:93:24
Certificate issuer:       /CN=808e238e30dcb759759fb8a394d9e211a28b9d87
Certificate serial:       019425FC041E72B68940B86DB859B6046A31
Authority key identifier: 80:8E:23:8E:30:DC:B7:59:75:9F:B8:A3:94:D9:E2:11:A2:8B:9D:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gI4jjjDct1l1n7ijlNniEaKLnYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/l-taV26zQ7WeFxi5U2wEDJxQkyQ.roa
Signing time:             Thu 02 Jan 2025 07:47:40 +0000
ROA not before:           Thu 02 Jan 2025 07:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51522
IP address blocks:        91.247.112.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/gI4jjjDct1l1n7ijlNniEaKLnYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/gI4jjjDct1l1n7ijlNniEaKLnYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gI4jjjDct1l1n7ijlNniEaKLnYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:04:1e:72:b6:89:40:b8:6d:b8:59:b6:04:6a:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=808e238e30dcb759759fb8a394d9e211a28b9d87
        Validity
            Not Before: Jan  2 07:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97eb5a576eb343b59e1718b9536c040c9c509324
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b2:12:7d:f7:d4:1a:53:ab:d0:73:48:0a:62:
                    44:76:39:d3:e5:77:d2:e5:17:72:57:4b:39:71:d6:
                    0f:eb:17:fd:89:a0:3f:d0:d7:ef:fa:09:68:34:09:
                    33:87:6f:66:b3:bc:84:1c:24:18:ef:81:67:f5:83:
                    a6:38:bf:01:e9:3e:9a:a0:a7:10:bc:f3:dd:af:c0:
                    d5:ac:e2:e5:35:d3:8e:18:f6:b1:54:08:5f:b3:30:
                    a6:24:3e:d4:05:18:96:04:fc:84:3a:99:bc:61:0a:
                    d2:cb:51:1d:d7:c5:e6:04:1c:24:f4:24:f8:32:3e:
                    ee:e8:81:2f:66:fd:61:99:2d:bf:b7:80:7b:78:56:
                    49:50:df:1a:07:f1:eb:09:fd:c1:f3:19:d3:c2:54:
                    55:02:eb:22:2a:8c:ad:89:f3:1f:01:95:08:9d:4a:
                    a0:39:1c:84:12:5a:48:f9:4e:68:6a:f9:c6:9e:25:
                    d9:1f:5c:61:25:7e:41:57:48:5c:b2:99:80:05:e8:
                    ce:4b:47:c3:0c:74:e6:da:03:60:5c:86:b6:e3:a5:
                    3e:ad:69:38:09:d3:98:c9:88:8e:aa:e9:92:ca:14:
                    29:5f:22:5a:94:e1:78:26:bb:a2:bc:06:ea:10:bd:
                    10:98:d2:29:86:45:6b:b0:96:a3:79:55:44:a5:52:
                    a8:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:EB:5A:57:6E:B3:43:B5:9E:17:18:B9:53:6C:04:0C:9C:50:93:24
            X509v3 Authority Key Identifier:
                keyid:80:8E:23:8E:30:DC:B7:59:75:9F:B8:A3:94:D9:E2:11:A2:8B:9D:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gI4jjjDct1l1n7ijlNniEaKLnYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/l-taV26zQ7WeFxi5U2wEDJxQkyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/7b2cd6-b1f3-43fc-9f09-cd974042649f/1/gI4jjjDct1l1n7ijlNniEaKLnYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         42:79:ba:20:29:6e:1e:02:7a:25:07:23:41:bd:b0:25:af:8f:
         93:3a:5b:41:f7:5a:9a:0e:d1:e8:03:da:eb:55:81:9c:2a:f6:
         30:37:56:35:50:2f:2f:a7:b0:66:a1:cf:80:7b:44:ed:78:23:
         2f:fb:22:9d:d4:3d:1f:65:b1:fb:2b:d0:e6:af:19:d4:a5:69:
         93:1b:6d:fa:61:81:4e:d4:1a:30:1b:69:2d:59:73:f1:aa:75:
         34:2d:2e:0b:30:0d:ce:e0:c3:e4:54:da:34:fb:d5:2b:2b:55:
         0a:46:50:4e:1b:20:d8:fb:4e:82:31:e0:55:99:65:42:9e:fc:
         27:71:b3:d6:91:e0:3e:28:77:a7:23:ac:28:bd:a1:29:a1:78:
         19:ba:46:65:4c:05:2d:d2:a7:f8:08:4a:28:43:dc:eb:16:7c:
         d2:9b:97:a6:21:18:6c:a1:50:ea:eb:1e:21:56:3e:7f:4b:b3:
         ac:a5:d1:17:dc:35:35:23:80:3f:79:69:e6:5c:07:57:be:1d:
         56:91:79:a8:17:85:e9:3a:4a:10:09:36:5a:4f:87:55:4e:4e:
         08:a2:cc:4a:f7:85:45:44:ab:fa:48:24:15:89:33:fa:40:3c:
         7c:ef:6b:41:1a:56:d1:18:57:15:ff:d3:90:2e:e9:17:3f:65:
         d4:72:16:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/AQecraJQLhtuFm2BGoxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwOGUyMzhlMzBkY2I3NTk3NTlmYjhhMzk0ZDllMjExYTI4
YjlkODcwHhcNMjUwMTAyMDc0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2ViNWE1NzZlYjM0M2I1OWUxNzE4Yjk1MzZjMDQwYzljNTA5MzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorISfffUGlOr0HNICmJEdjnT5XfS
5RdyV0s5cdYP6xf9iaA/0Nfv+gloNAkzh29ms7yEHCQY74Fn9YOmOL8B6T6aoKcQ
vPPdr8DVrOLlNdOOGPaxVAhfszCmJD7UBRiWBPyEOpm8YQrSy1Ed18XmBBwk9CT4
Mj7u6IEvZv1hmS2/t4B7eFZJUN8aB/HrCf3B8xnTwlRVAusiKoytifMfAZUInUqg
ORyEElpI+U5oavnGniXZH1xhJX5BV0hcspmABejOS0fDDHTm2gNgXIa246U+rWk4
CdOYyYiOqumSyhQpXyJalOF4JruivAbqEL0QmNIphkVrsJajeVVEpVKoIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJfrWldus0O1nhcYuVNsBAycUJMkMB8GA1UdIwQY
MBaAFICOI44w3LdZdZ+4o5TZ4hGii52HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0k0ampqRGN0MWwxbjdpamxObmlFYUtMblljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi83YjJjZDYtYjFmMy00M2ZjLTlmMDkt
Y2Q5NzQwNDI2NDlmLzEvbC10YVYyNnpRN1dlRnhpNVUyd0VESnhRa3lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi83YjJjZDYtYjFmMy00M2ZjLTlmMDktY2Q5NzQwNDI2NDlm
LzEvZ0k0ampqRGN0MWwxbjdpamxObmlFYUtMblljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW/dwMA0G
CSqGSIb3DQEBCwUAA4IBAQBCebogKW4eAnolByNBvbAlr4+TOltB91qaDtHoA9rr
VYGcKvYwN1Y1UC8vp7Bmoc+Ae0TteCMv+yKd1D0fZbH7K9DmrxnUpWmTG236YYFO
1BowG2ktWXPxqnU0LS4LMA3O4MPkVNo0+9UrK1UKRlBOGyDY+06CMeBVmWVCnvwn
cbPWkeA+KHenI6wovaEpoXgZukZlTAUt0qf4CEooQ9zrFnzSm5emIRhsoVDq6x4h
Vj5/S7OspdEX3DU1I4A/eWnmXAdXvh1WkXmoF4XpOkoQCTZaT4dVTk4IosxK94VF
RKv6SCQViTP6QDx872tBGlbRGFcV/9OQLukXP2XUchZi
-----END CERTIFICATE-----